Mark, Since fport.exe isn't native to any MS system, you'd have to get it from the 'net someplace. The thing to do (and I do this in the IR course I teach) would be to burn your tools to a CD. If you can't do that, then you can put them on a diskette and write-protect it. HTH. --- Mark Newby <markat_private> wrote: > H C wrote: > > [...] > > Danny took the typical action seen of most > > admins...port scanning the system from the > outside, > > and comparing the open ports to lists of known > trojans > > and services. This is inconclusive at best, and > leads > > to a lot of speculation and time-wasting. Better > to > > run fport on the system (if NT/2K...if the system > is > > XP, run netstat w/ the '-o' switch) instead, to > see > > the process to port mapping. > > [...] > > ...but I thought the advice for a (possibly) > compromised box was *not* > to run executable programs that resided on that > host, as they can't be > trusted? > > > mark > > __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 13:52:56 PDT